- Home
- CVEs with nessus.description==The remote host is affected by the vulnerability described in GLSA-200509-12
(Apache, mod_ssl: Multiple vulnerabilities)
mod_ssl contains a security issue when 'SSLVerifyClient optional' is
configured in the global virtual host configuration (CAN-2005-2700).
Also, Apache's httpd includes a PCRE library, which makes it vulnerable
to an integer overflow (CAN-2005-2491).
Impact :
Under a specific configuration, mod_ssl does not properly enforce the
client-based certificate authentication directive, 'SSLVerifyClient
require', in a per-location context, which could be potentially used by
a remote attacker to bypass some restrictions. By creating a specially
crafted '.htaccess' file, a local attacker could possibly exploit
Apache's vulnerability, which would result in a local privilege
escalation.
Workaround :
There is no known workaround at this time.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top